Using agentic workflow from an organization .github repo #24961

@ruokun-niu

Hi GH AW team,

First of all, I want to start by saying that GitHub Agentic Workflows is a really useful tool and my team and I have enjoyed using it.

Our team is called Drasi Project and we are currently using an agentic workflow in one of our repositories, drasi-core. We have an issue researcher workflow that gets triggered when an issue on that repository is labeled with needs-research, and the workflow uses the Copilot CLI to conduct some investigation on that topic. Everything works flawlessly.

Now, since we have multiple repositories in our organization, we wanted to see if we could place the agentic workflow definition in a centralized place, such as the .github repository for our organization. After some experimentation, we were finally able to get it working by hosting the agentic workflow (.md and compiled .lock.yml) in the .github repo and using lightweight dispatch workflows in each individual repository that call gh workflow run with --ref against the .github repo when an issue is labeled. The add-comment safe output was configured with target: "*" and allowed-repos to allow the workflow to post comments back to issues in other repositories. You can find an example of the workflow file here: https://github.com/drasi-project/.github/blob/centralized-workflows/.github/workflows/drasi-issue-researcher.md

This flow required three tokens:

  • COPILOT_GITHUB_TOKEN — A personal fine-grained PAT with the Copilot Requests permission, stored in the .github repo. This powers the AI inference engine.
  • ISSUE_UPDATE_TOKEN — A PAT with Issues Read & Write permission on the target repos, stored in the .github repo. This is needed because the default GITHUB_TOKEN is scoped to the .github repo and cannot write comments to issues in other repositories within the org.
  • DISPATCH_TOKEN — A PAT with Actions Read & Write permission on the .github repo, stored as an organization-level secret. This allows the dispatch workflows in other repos to trigger the workflow_dispatch event cross-repo.

I am wondering if you have explored this and if there are any alternative, simpler approaches? Happy to share more information or contribute.
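The per-repository dispatch workflow described in the post above, as an added example that is not part of the original issue or the Drasi project's own code. The compiled file name `drasi-issue-researcher.lock.yml` and the input names `issue_number` and `target_repo` are assumptions; the `centralized-workflows` ref is taken from the URL linked in the post.

```yaml
# .github/workflows/dispatch-issue-researcher.yml (hypothetical file name)
# Lives in each individual repository, e.g. drasi-core.
name: Dispatch issue researcher

on:
  issues:
    types: [labeled]

# The default GITHUB_TOKEN is not used here, so grant it nothing.
permissions: {}

jobs:
  dispatch:
    # Only react to the label that should start the research workflow.
    if: github.event.label.name == 'needs-research'
    runs-on: ubuntu-latest
    steps:
      - name: Trigger the centralized agentic workflow
        env:
          # Organization-level secret: Actions Read & Write on the .github repo only.
          GH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
          # Event data is passed through the environment instead of being
          # interpolated into the script, so it is never parsed as shell code.
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          SOURCE_REPO: ${{ github.repository }}
        run: |
          # Input names are assumed; they must match the workflow_dispatch
          # inputs declared by the workflow in the .github repo.
          gh workflow run drasi-issue-researcher.lock.yml \
            --repo drasi-project/.github \
            --ref centralized-workflows \
            -f issue_number="$ISSUE_NUMBER" \
            -f target_repo="$SOURCE_REPO"
```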
